Re: Windows 2003 server and VPN: Security(?)



Hi Mike, thank you for your help.

Regards
Markus

"Miha Pihler [MVP]" <mihap-news@xxxxxxxxxxx> wrote in message
news:eYk9SsoAGHA.3936@xxxxxxxxxxxxxxxxxxxxxxx
> Hi Mark,
>
> I don't think it is a problem of punching a few holes in the firewall
> (actually you would usually need a few).
> Main problem with VPN is how to make sure that remote computers are safe.
>
> E.g. how do you know that a remote computer that is trying to connect to
> VPN is not infected with a virus? Once connected over the VPN it will
> infect the whole network (actually I saw this in a few real environments).
> How do you know that remote computer is well protected and that there is
> not some 3rd party (unknown attacker) using your PC at home to VPN into
> the corporate network?
>
> These would usually be main concerns. Most of these can be solved by VPN
> quarantine where you can check if the computer is patched, updated, has
> antivirus running, etc.
>
> Best thing to do is to ask your administrator what he sees as the
> biggest threat and maybe we can give you more information that you can
> take to your administrator.
>
> --
> Mike
> Microsoft MVP - Windows Security
>
> "Mark" <mark@xxxxxxxxxxxxxxx> wrote in message
> news:OuhVLaoAGHA.2704@xxxxxxxxxxxxxxxxxxxxxxx
>> Hi, at work we would like to move towards remote access to employees via
>> a VPN.
>>
>> Now, our admin seems reluctant citing security as an issue which is fair
>> enough.
>>
>> Given that our employees are on static IP addresses external and our
>> network is behind a firewall surely we could punch a single hole in the
>> firewall and give access to *only* that IP address? Once through the
>> firewall, the user would still have the Windows 2003 security so we would
>> have at least two levels of security.
>>
>> How safe is setting up a VPN network under Windows 2003?
>>
>> TIA
>> Marcus
>>
>>
>
>

